Ashley Madison add new ‘mask’ security feature

February 5th, 2016 No Comments By Mof Gimmers

Ever wondered why superheroes don’t get recognised immediately when all they’ve done is put a little mask over their eyes? Well, you can now apply your sleuthing skills when perusing Ashley Madison.

The affair-having dating site has decided to add a new feature to keep your identity a secret (well, the colour of your eyebrows and if you’ve got bags under your eyes), as you can upload a picture and then put a little mask on it.

No, seriously. Have a look!


Something had to be done after the massive hack that the site suffered last year, which saw 32 million people getting their information leaked and dumped online.

That all said, since the hack was so widely publicised, it seemed to do a nice bit of free advertising for the company, as since the attack, subscriptions actually went up.

Anyway, the site said: “We respect your need for discretion so we’ve added some tools to keep your identity a secret.”

So, you can choose a black or brown mask, three different levels of blurriness, or if you’re old-school, a black bar across your face like a reader’s wives entry. We’re not sure how discreet some of these are – it feels a bit like saying “No! Darling! That couldn’t possibly be me, because they’re wearing a tie, and as you can see, I am not wearing a tie right now!”

Either way, fill your boots if that’s your thing.

EU watchdogs meet about your personal data

February 2nd, 2016 No Comments By Mof Gimmers

Remember Facebook losing a court case about the way they transferred your personal data out of Europe and back to America?

Well, this case has massive ramifications for tech firms, because most of them make their money on the data they harvest, and EU data regulators are having a meet-up to discuss how these companies handle everyone’s data.

Watchdogs are looking at what happens next, now that the Safe Harbour agreement doesn’t apply in Europe any more. The previous agreement meant that businesses didn’t have to get authorisation for individual data transfers.

A replacement deal is still being mulled over, and it is thought that there’s going to be some kind of announcement about it tomorrow.

Any new pact means that American companies are going to have to convince EU regulators that there’s adequate privacy protections for Europeans and their personal data. A new agreement is all set to be called ‘Safer Harbour’, which must have taken all of 5 seconds to come up with.

Safer Harbour will try and work out a way of protecting citizens, without hindering American tech companies too much. There’s talk of an independent ombudsman being introduced, who could heavily penalise tech companies that aren’t careful enough with people’s personal information, and there’s also mutterings about this going to court all over again, should the tech companies not like any new proposals from Europe.

More when we get it.

Now WhatsApp are sharing data with Facebook, what are the alternatives?

Facebook have owned WhatsApp for a while now, but they seemed sufficiently separate that people didn’t ditch the messaging app over the privacy concerns which should be present when Facebook are involved with anything.

Of course, the very fact WhatsApp is Facebook-owned should be enough, but now, according to a screenshot that is doing the rounds, you’ll be able to share data with Facebook from your WhatsApp app. You can assume that it’ll be automatically ticked in the next update.

Now, WhatsApp are looking at adding video calling, document sharing, and all manner of new things. They, of course, made their app free recently too.

Despite all that, people might be feeling increasingly uneasy with Facebook sniffing around them, which of course, they already do with the Messenger app.

Either way, if you’re looking at ditching WhatsApp, because you don’t like Facebook or just because you’re after something else as an alternative in the event of an outage or whatever, here’s some of the messaging apps you can try out.

Alternatives To WhatsApp

Telegram – A lot of people are on Telegram these days, which is a great alternative to WhatsApp. One good feature is that you can destroy messages on a timer, if that’s your bag, as well as send a host of media files, and set up chat groups and whatnot. Of all of the messaging apps out at the minute, this is one of the most popular, and well loved. Click here to get it.

Line – The biggest rival WhatsApp has is Line, which allows you to send messages, send video, and make calls. It basically does everything you’d expect it to do. Get it here.

Viber – Viber is a very popular app, which was originally set up as a competitor to Skype. It is available on all the main systems, and there’s a desktop version if that’s something that’ll sway things for you. Worth a gander. Download it here.

WeChat – Another extremely popular messaging and communications app is WeChat, who have half a billion people using it. It has group chats and all the usual things. Find it here.

Threema – If your main concern is security, then you should have a look at Threema, which likes to crow about such things. All the features you would expect from an app like this. We won’t patronise you by going through them all again. Get at it here.

Also: There’s Google’s various offerings, Snapchat, sending people direct messages on Twitter, BBM, and Apple’s iMessage… but you knew all about them already.

The worst passwords of 2015

January 20th, 2016 1 Comment By Mof Gimmers

Passwords eh? Some companies want to kill them off entirely, possibly because people are so awful at choosing them.

Now, we’re sure that BW readers all have excellent passwords and use different ones for different sites, but there’s some truly dreadful ones knocking about, even though everyone really should know better by now.

Security crew SplashData looked through data dumps from hacks, to look at the most popular passwords in the world… and there’s a lot of lousy ones still being used. So, in 2014, ‘password’ and ‘123456’ topped the list, and last year, commonly used passwords included ‘12345678,’ ‘12345,’ ‘123456789,’ ‘1234,’ ‘1234567,’ and ‘111111’.

There were also appearances from ‘qwerty,’ ‘welcome,’ and ‘letmein’, as well as a load of sports like ‘football’ and ‘baseball’. Naturally, there’s still a load of people using ‘abc123’, just asking to be hacked.

New in the top 25 list this year were ‘login,’ and ‘princess’, as well as ‘starwars’, too. There’s also people who use two columns of their keyboard to tap out ‘1qaz2wsx,’ which is oddly charming.

Of course, companies are trying to make people choose passwords that are more secure, but alas, there’s no accounting for people who just can’t be bothered. Maybe it would be a good idea to provide other ways of making your accounts secure, as there’s clearly a lot of people who are just asking for a hacking.

New way to stop Windows 10 harvesting your data, all over again

There’s been issues with your security and Windows 10 before, and we’re here again, after some updates. Microsoft decided to make some changes, and weren’t particularly good at letting users know what they were up to.

If you changed your settings when you heard about Windows 10 storing your keystrokes and voice commands last time, looks like you’re going to have to do it all over again.

Mercifully, this is not a tricky thing to fix. Here’s what you have to do:

First off, hold down the Windows key and press R. There, you’ll get a pop-up, where you need to type in ‘services.msc’. Press ‘enter’. In the list that comes up, scroll until you see ‘Connected User Experiences and Telemetry’. Double click that.

Then, click ‘Stop’. From there, you need to select ‘Disabled’ from the drop-down menu, and then click ‘OK’. And that’s it. You’re done.

Or, if the Threshold 2 update hasn’t installed on your device yet, this will all be under the ‘Diagnostics Tracking Service’, where you do the same as above to stop that from harvesting all your data.

Easy peasy.
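The same steps can be scripted, which helps if an update switches the service back on. This is an added example, not part of the original article; it assumes an elevated (Administrator) PowerShell prompt and looks the service up by the two display names given above.

```powershell
# Added example: scripted equivalent of the services.msc steps above.
# Run from an elevated (Administrator) PowerShell prompt.

# Display names as given in the article: the first applies once the
# Threshold 2 update is installed, the second before it.
$displayNames = @(
    'Connected User Experiences and Telemetry',
    'Diagnostics Tracking Service'
)

foreach ($displayName in $displayNames) {
    # Look the service up by display name; a missing service is expected
    # on builds that use the other name, so suppress the error.
    $svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Host "Not present on this build: $displayName"
        continue
    }

    # Equivalent of clicking 'Stop'.
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -InputObject $svc -Force
    }

    # Equivalent of choosing 'Disabled' in the startup type drop-down.
    Set-Service -Name $svc.Name -StartupType Disabled

    # Re-read the state so the report shows what is actually configured.
    $svc.Refresh()
    $startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'").StartMode
    Write-Host ("{0} ({1}): status={2}, startup={3}" -f $displayName, $svc.Name, $svc.Status, $startMode)
}
```

The script is safe to re-run after each update: it only reports the state if the service is already stopped and disabled.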

Is Facebook’s ‘Friend Finder’ unlawful?

January 15th, 2016 No Comments By Mof Gimmers

You know the ‘Friend Finder’ feature on Facebook? It’s a pretty key service offered by the social network, isn’t it?

Well, a high court in Germany has said that the feature, which encourages users to market Facebook to their contacts, is ‘unlawful’.

So what’s the problem with that?

The Federal Court of Justice ruled that this constitutes advertising harassment. The ‘Friend Finder’ feature allows Facebook to get permission from users to take all the email addresses from someone’s address book, which the social network can then use to invite non-users to use Facebook.

The court says that this is a deceptive marketing practice, and that Facebook have not sufficiently informed their users that this was how they’d be using their contacts’ data.

The VZBV, who brought the case to court, said that this is going to see a knock-on effect for other companies who employ similar types of advertising: “What the judgement means exactly for the current Friends Finder, we now have to find out. In addition to Facebook, other services use this form of advertising to attract new users. They must now probably rethink.”

It is a sneaky way of Facebook getting the email addresses of people who have no intention of signing up with them, which is something of a worry. Given that a lot of people don’t trust Facebook at all, this court ruling could be seen as good news. However, you suspect FB will find a way around it.

One to keep tabs on.

Your boss can read your messages, says court

January 14th, 2016 2 Comments By Mof Gimmers

Have you been sending messages to your mates while at work, using the office computer? Have you been chatting someone up while on company time? Well, you might want to hold back on what you say, because thanks to a court, your boss now has the right to have a look at your private messages.

Europe’s court of human rights (ECHR) ruled that your employers can check your private messages, after a case that looked at the situation involving an engineer who got the sack for using Yahoo Messenger to chat with his family (as well as professional clients, of course).

The ECHR heard, but dismissed the engineer’s argument that his right to private correspondence was violated, siding with his bosses.

Basically, if your work are telling you that they might be checking your messages – even in small print – then as long as they’ve let you know, they’re legally allowed to do it. Of course, you’d have to be using the company’s equipment for this to work – they can’t go through your personal phone.

They can also film you with CCTV, but only if they’re obviously using it – secret cameras aren’t allowed.

The court said it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.”

This won’t be news to some people, but if it is, don’t go slagging your job and your employers off in private messages, and certainly don’t send nudes to anyone on the company computer, unless you don’t mind your team leader seeing it, and you don’t mind getting sacked. Best to operate on a Worst Case Scenario in this instance.

Privacy watchdog is not happy about the snooper’s charter

The snooper’s charter has pretty much annoyed every single person in Britain who cares about everyone’s personal privacy. Add to that, the information commissioner’s office. The ICO have lambasted the draft Investigatory Powers bill, saying that it is an attack on individuals’ privacy.

What’s got their dander up? Well, like other critics, they’re not at all happy about the government’s idea that apps and communications should be weakened so they can have a look at people’s messages if they think something is up.

The ICO told the parliamentary committee who have been asked to look at the bill that “little justification” has been given for this contentious part of the legislation, saying that encryption “is vital to help ensure the security of personal data generally.”

One of the big concerns is, obviously, the government being able to look at your messages without you knowing. Another is that weakening encryption could see hackers having a field day, thereby, seeing that the government make everyone less secure. Of course, criminals will find other ways of talking in secret, because they’re criminals – that’s what they do.

This type of end-to-end encryption that we currently have ensures that the people providing the communication service can’t read people’s messages, even if an authority asks them to. Facebook and Apple apps have this type of security, as does Telegram. If the government get their way, then the services will be weakened.

The ICO say that allowing the government to do this will have “detrimental consequences to the security of data and safeguards which are essential to the public’s continued confidence in the handling and use of their personal information”, and that “the weakening or circumvention of encryption [is a] matter of real concern”.

“The information commissioner has stressed the importance of encryption to guard against the compromise of personal information. Weakening encryption can have significant consequences for individuals. The constant stream of security breaches only serves to highlight how important encryption is towards safeguarding personal information. Weakened encryption safeguards could be exploited by hackers and nation states intent on harming the UK’s interests,” they continued.

Google ban AVG Chrome extension

December 31st, 2015 No Comments By Mof Gimmers

Google have gone and banned AVG from automatically installing their Web TuneUp Chrome extension. Why? Well, it completely borked the online security of nine million people, thanks to weaknesses found in an audit.

Tavis Ormandy, a researcher at Google, had been giving the antivirus software the once over, and found that it was filled with vulnerabilities, which is exactly the opposite of what you want out of something that’s supposed to make your devices safer.

The Web TuneUp is installed with AVG’s antivirus package, and basically tries to stop you Chrome users from going on sites that host malware. At the time of writing, over 9 million people were using it.

Ormandy said that the extension leaked “browsing history and other personal data to the internet,” and that means that nasty websites could exploit the frailties to get into other sites a user is logged into. This is great news for hackers, and terrible news for everyone else.

“Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users,” Ormandy told AVG in his report. “The extension is so badly broken that I’m not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it’s a PuP [potentially unwanted program aka malware].”

Last week, AVG updated the programme, however, Google are still not allowing AVG to install the extension automatically. Looks like they need to get Google’s trust back up. If you want it, you’ll have to download it manually from the Chrome store.

“We thank the Google Security Research Team for making us aware of the vulnerability with the Web TuneUp optional Chrome extension. The vulnerability has been fixed; the fixed version has been published and automatically updated to users,” an AVG spokesperson told El Reg.

Ashley Madison subscriptions are up since hack

December 29th, 2015 No Comments By Mof Gimmers

If the aim of the Ashley Madison hack-and-leak was supposed to shame people, and stop them from using the affairs-site, it doesn’t seem to have worked.

Membership to the site has rocketed by more than 4 million in the last six months! It seems that this high profile hack was a fine piece of advertising for the website. It could truly become the sex-tape of the online dating universe.

This will irritate the group called The Impact Team, who carried out the leak, who went on the attack because they wanted Ashley Madison shut down. Of course, it remains open and, thanks to the publicity from the hack, it now has millions of new users.

However, it is far from good news for Avid Life Media (who own AM). While numbers are up, and there was a £37 million profit in the last financial year, they are looking at a huge amount of lawsuits, which tot up to somewhere in the region of half a billion dollars in damages.

People are suing the company, as they felt that their very personal and private data should’ve been better protected. The fallout from this is things like marriages going down the pan, and we all know courts love taking cases like that.

There’s rumours that this spike in memberships could be bogus too.

A former employee has claimed that they were asked to build around a thousand ‘fake female profiles’, and Gizmodo have previously reported that around 70,000 accounts were actually bots which were created to talk to men who had signed-up with Ashley Madison.

Either way, if you want some attention, sites could well be organising their own hacks for publicity.

TrueCall38 the answer to your cold-calling prayers?

December 23rd, 2015 3 Comments By Mof Gimmers

Are you sick of having to put your phone number in online forms, as mandatory? You know that you’re destined for a load of cold-calls from a bunch of businesses you don’t want to speak to, yet, you have to put something in.

Well, if you’re no good at making numbers up, there is a solution which could prove valuable if you want your mobile to be mither free, with TrueCall38.

They say: “Do you get annoyed when you fill in a form and have to enter your phone number even when you know that the company doesn’t really need it? What are they going to do with it? Who will they give it to? Your privacy is valuable – protect your phone number with trueCall38!”

“Enter our phone number 0333 8888 8888 (that’s three threes, eight eights) as your phone number, and if, or rather when, they call, those cold call culprits will hear our short but sweet recorded message:- ‘trueCall38 is handling my calls. I prefer not to be contacted by phone, so please contact me via my email address.’”

Not bad eh? Of course, some online forms can be a bit pernickety, but they’ve got an answer for that as well – if the normal trueCall38 number is rejected, then enter 0333 8888 888 (that’s one less eight).

The service costs nothing, but if you have any questions, check out their website.

Apple take shots at Snooper’s Charter

December 22nd, 2015 No Comments By Mof Gimmers

Even though Apple have been accused of helping governments to spy on people through special software, that’s not stopped them from having a pop at the Government’s proposed new surveillance legislation (or, Snooper’s Charter).

In response to the Investigatory Powers Bill, Apple have said that the “bill will put law-abiding citizens at risk – not the criminals, hackers and terrorists. The fact is to comply with the Government’s proposal, the personal data of millions of law-abiding citizens would be less secure.”

If you’re bored or confused at the mere mention of this, let us give you the vaguest of ideas of what it is – basically, the Government want to lump all surveillance powers up to date, which means tech companies won’t be able to encrypt your messages… so people can spy on them if needed.

Now, of course, some people say they’ve got nothing to hide and are happy for this to happen, as it will help to catch terrorists and baddies. However, critics say that it won’t catch nasty people, and will just let the powers that be listen in on absolutely everyone, which is sinister.

In addition to that, if you weaken encryption, baddies might be able to exploit it, and do you really trust politicians with the keys to the internet’s security? You shouldn’t – they’re almost entirely all idiots.

And so, to Apple, who said that they’re not impressed with the bill’s lack of clarity when it comes to the encryption of data. Of course, a number of messaging services use encryption to scramble your text, so no-one can look at it who shouldn’t be, including WhatsApp and Apple’s very own iMessage service.

They said: “Strong encryption is vital to protecting people from malicious actors. Without strong defence, these attacks have the potential to impose chaos, and threaten our way of life, economic stability and infrastructure.”

“This bill threatens to hurt law-abiding citizens in its effort to combat the very few bad actors who have a variety of ways to carry out their attacks. Strong encryption does not eliminate Apple’s ability to give law enforcement metadata or other categories of data … the information Apple and other companies provide helps catch criminals and save lives.”

The Investigatory Powers Bill joint select committee has until 11th February to go over proposed legislation and the like. Most tech companies are very critical of plans to weaken encryption. Of course, the tech companies themselves aren’t always doing nice things with your personal data… so who do you trust?

Ashley Madison blackmail kicks off

December 21st, 2015 2 Comments By Mof Gimmers

You remember the Ashley Madison hack, don’t you? Well, months after the breach, there’s reports of blackmail still going on as a result of it. Most of it, thus far, has been online, but this new batch is coming in the form of physical letters.

Seeing as Ashley Madison was a site dedicated to people wanting a bit on the side, all these threats are very worrying for anyone who signed-up to the site. Of course, to some, there’s going to be little sympathy, but that’s beside the point.

The fact is, because the dumping of data was public, if you stop one blackmailer, that doesn’t mean someone else isn’t going to try it on.

And now, Graham Cluley, a security researcher who reported on the hack, has written about the newest concern, after he received an email from someone who got a physical letter through the post.

The person who contacted him says that they were a user of Ashley Madison, and have got a letter in the mail trying to blackmail them for over $4,000.

They said: “I just received a physical postal letter to my house asking for $4167 USD or exposed my AM account to people close to me. is your advice the same as in your vid about email blackmail? Thank you”

Cluley’s advice: “I understand that it must be very unsettling and worrying, but paying the blackmailers any money is only likely to make them focus on you more. Of course, as the blackmailers have physically sent you something – as opposed to email – that does mean you may have in your hands some useful physical evidence for the police to investigate the perpetrators.”

So, in short, don’t pay out. Cluley has made a video offering advice on all this, which you can watch below.

Facebook to look at name-change rule, again

December 16th, 2015 No Comments By Mof Gimmers

Facebook have, in no uncertain terms, been a pain in the arse, when it comes to which name you can use on their social network.

They’ve faced huge amounts of criticism, as they forced users to use the name on their passport, rather than nicknames. People trying to avoid crazy exes, drag performers, people with nicknames… even people with names that are deemed to be unusual, have been asked to change their names by Zuckerberg’s company.

Facebook introduced this in a bid to stop bullying or trolling, which of course, it hasn’t and won’t ever, but there you go – that’s their answer and they’re sticking to it. Either way, a lot of accounts have been suspended as a result.

Again, Facebook have said they’re going to have a look at the ruling, even though they’ve said this before and haven’t done a thing about it yet. They’re testing new options that will make it more difficult for individuals to be targeted online, and as well as that, give users the opportunity to explain why they’re using a pseudonym on Facebook.

One of the reasons that they might be thinking about a change, is because people have been trolling the network and finding people to report. One person has boasted about taking down numerous accounts by themselves, for quite grim reasons (more on that person, here).

“We’re firmly committed to [the] policy, and it is not changing,” Facebook said. “However, after hearing feedback from our community, we recognise that it’s also important that this policy works for everyone, especially for communities who are marginalized or face discrimination. That’s why we’re continuing to make improvements in this area.”

“When people use the names they are known by, their actions and words carry more weight because they are more accountable for what they say,” it said. “It also makes it harder for bullies to anonymously smear the reputations of others, or anyone else to use an anonymous name to harass, scam or engage in criminal behaviour.”

Airlines credit card details exposed

December 11th, 2015 No Comments By Mof Gimmers

There’s a credit card vulnerability called ‘CardCrypt’, and it has affected 16 companies including EasyJet, Aer Lingus, AirAsia, and more. This has revealed customer credit card details, thanks to internet baddies intercepting the data when people sent their details via apps.

It looks like up to 500,000 have been affected by this flaw, when they were booking flights, or upgrading.

The data sent via an unencrypted connection does include sensitive info, that could well be used in scams, stealing identities, and making off with your money. The firm who found the flaw, Wandera, said that complete credit card details, CVV security codes, customer names, full addresses, transaction amounts and contact details, are at risk.

Wandera said this information was exposed because companies haven’t been using the HTTPS secure protocol: “We believe there are two likely reasons why HTTPS has not been used, everywhere at all times. It could be a flaw in the coding, or it could be a case of relying on inadequate third party services or libraries. Either way, it’s astounding to me that these companies have failed to exercise sufficient care in the collection of their customers’ personal data.”

“The most alarming thing is that it is very likely that there are plenty of other brands who have made the same mistakes. With lots of people booking journeys to go home for the Christmas holidays, it is worrying how much sensitive data could be put at risk.”